Vulnerabilities > Dotcms > Dotcms > 4.1.0

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-26 | CVE-2018-19554 | Cross-site Scripting vulnerability in Dotcms. An issue was discovered in Dotcms through 5.0.3. (network, low complexity; dotcms; CWE-79) | 5.4 |
| 2018-02-19 | CVE-2016-10008 | SQL Injection vulnerability in Dotcms. SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. (network, low complexity; dotcms; CWE-89) | 6.5 |
| 2018-02-19 | CVE-2016-10007 | SQL Injection vulnerability in Dotcms. SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. (network, low complexity; dotcms; CWE-89) | 6.5 |